c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0 | Triage

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
14-03-2022 15:00

Sharing

Report Analysis Logs

General

Target

c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe
Size

552KB
MD5

2a3415ff37c6f1b5513c9b0c2195b9c4
SHA1

37ac33429ba6e0391e8dab7dd1ca350801110b74
SHA256

c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0
SHA512

278900181fa9a80a4d30fb34d7b0e4829c57694bee3d693e3714a4eaf1ca62d5c6310f230064b7d443b356c5a30089ff566afa11d3f2256a16ca736c6a6d928a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exefondue.exe

description	pid	process	target process
PID 1012 wrote to memory of 3876	1012	c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe	fondue.exe
PID 1012 wrote to memory of 3876	1012	c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe	fondue.exe
PID 1012 wrote to memory of 3876	1012	c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe	fondue.exe
PID 3876 wrote to memory of 3772	3876	fondue.exe	FonDUE.EXE
PID 3876 wrote to memory of 3772	3876	fondue.exe	FonDUE.EXE

C:\Users\Admin\AppData\Local\Temp\c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe
"C:\Users\Admin\AppData\Local\Temp\c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1012

C:\Windows\SysWOW64\fondue.exe
"C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3876

C:\Windows\system32\FonDUE.EXE
"C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
3⤵
PID:3772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads